90kpa (90kpa) asked a question.
Only getting a single group in my Saml Assertion (Everyone)
I have a trial account(not sure if this is and issue). I have created a SAML sign on to SFDC. That works. I have then followed the steps to pass all groups to the saml assertion. ie Group attribute statement added a line
Name = groups
Format = unspecified
filter : matches regex = .*
I have created several groups groupGreen, groupRed, doubleSecretProbation
I have added my user to all of the groups
When I SSO in the saml assertion only contains one group
SFDC JIT provisioning is showing the following DEBUG|{Groups=Everyone, Ln=Vickers, fn=David}
I have not been able to get the other groups to flow over, looking for thoughts on what I am doing wrong thanks
I have answered my own question, The assertion does contain the groups however the Salesforce Jit handler is not processing them , (I suspect it is interpreting name value pairs but in this case gets a list).
From the apex
private void handleJit(boolean create, User u, Id samlSsoProviderId, Id communityId, Id portalId,
String federationIdentifier, Map<String, String> attributes, String assertion)
The Map "attributes" does not handle getting a list of attributes or at least is seems that way because if you decode the assertion then the groups are there exactly as expected. In the attributes you just get the first value in the list ie Name: first value in list